facebook

20 Million Login Daily

6.2 million joining Twitter every month

End of 2009: 75 Million Users

Fake accounts? Orly?




Screenshot: a Facebook profile for a fake account, "Cara Rioseco" (Relationship Status: Single; Birthday: April 23, 1980; Send Cara a Message / Poke Cara), whose wall carries the same lure twice: "click here to see my pics here http://iam-sxy.com/?id=969678 (you must register to prove your 18)", posted 3 hours and 8 hours ago, beside one normal-looking status ("Got ready for work but bed still not made so there's still time to change my mind."). Recent Activity is a string of "Cara and ... are now friends" stories (10 and 13 more similar stories), and the sidebar carries ads ("The Vernon Davis Diet" for Force Factor, "Now Hiring SWAT", "COPS (IN NEED)").
Screenshot: the registration form the lure links to, "Fling.com! World's Best Personals for Sexy Adult Dating" (Microsoft Internet Explorer): Seeking (Women / Men / Transexuals / Couples), Country (United States), Zip Code, Birth Date, email (valid email required to activate), Display Name (this appears on your profile), Password (6-16 char. MUST include numbers).
Screenshot (repeated several times with different parts highlighted): a Twitter account with the display name "Kerri Hodge" and the username robertComptonfm (1,979 following, 173 followers, listed 3 times, 15 tweets). Its timeline is the same tweet over and over, "Im 18y old ... would like to chat with me? http://tinyurl.com/ylfwcrc", every one posted "from API", at 11:16 AM on Nov 22nd, Nov 27th and Nov 29th and again "about 9 hours ago", plus one sexually explicit tweet carrying the same tinyurl link. The sidebar offers "message robertComptonfm", "block robertComptonfm", "report for spam", Following, Follow, Lists, and an RSS feed of robertComptonfm's tweets.
Screenshot: the Twitter sign-in page ("Sign in to Twitter": username or email, Password, Forgot?, Remember me, Sign in; "If you've been using Twitter from your phone, click here and we'll get you signed up on the web."; "Login / join Twitter! Create Your Account"; "Already using Twitter from your phone? Click here."; Select Language; © 2009 Twitter footer: About Us, Contact, Blog, Status, Goodies, API, Business, Help, Jobs, Terms, Privacy).



Who is the most dangerous 
woman on the Internet? 



Screenshot: Huffington Post story "Jessica Biel Named 'Most Dangerous Celebrity' On The Web" (08/25/09 09:41 AM; "I Like It / I Don't Like It"; Read More: Jessica Biel, Jessica Biel Virus, Entertainment News), with the article column about the McAfee report cut off at the slide edge so that only fragments of it are legible.

Screenshot: CNN, "'Most dangerous' celebs to search for online", updated 11:15 a.m. EDT, Tue August 25, 2009. Story highlights (cut off at the edge): "Report says Jessica B", "One in five of the actre", "Computer security co", "Researcher says hack". Photo caption: "Actress Jessica Biel leads a list of the 'most dangerous' celebrity searches online."

(CNN) - Be cautious if you plan to Bing Jessica Biel or Google Brad Pitt. A new report says you might get a virus.

The Hollywood actors are among the top 10 celebrity searches online that can lead to computer problems, according to a report released Tuesday by the computer security company McAfee.

The company named Biel the "most dangerous celebrity in cyberspace." One in five Internet searches for terms related to "Jessica Biel" leads to a Web page, photo, video or piece of spam that contains a cyber-security threat, the report said.

The former "7th Heaven" star and girlfriend of singer Justin Timberlake is followed on the "most dangerous" list by singer Beyonce, actress Jennifer Aniston and football hunk Tom Brady. Singer and reality TV star Jessica Simpson rounds out the top five.

Pitt, who topped last year's list, moved down to



Advanced Persistent Threat



Screenshot: the Twitter account "JessicaBiel" (bio: "Being someone I'm not for a period of time and loving every minute of being in someone else's skin.", 10:04 PM Feb 4th from API) replying to fans from API ("@Omfgreenhair :-)", "@Omfgreenhair appreciate it!", "@xDrewxDuhx thank you!", "@RoisinDubh27 :-)", "@xDrewxDuhx Thanks for the tweet!", "@KylieDempsey Yes, thanks!", all about 1 to 2 hours ago), while one user, HermK, answers "@JessicaBiel BTW, ur welcome for the 6th time", "@JessicaBiel Leave me alone please", "@JessicaBiel Ok quit now" and "@JessicaBiel Third time you've thanked me. Ur really welcome I guess" (Feb 4th, from web). The slide marks the account with "That's you!".



What makes a Jessica Biel?

Screenshot: a link graph for "Jessica Biel" joining http://twitter.com/JessicaBiel, http://www.linkedin.com/in/jessicabiel and http://www.tagged.com/JessicaBiel; the Twitter profile (Name: Jessica Biel; Location: Boulder, Colorado; Web: http://www.linked...; Bio: Actress and former model; 1,769 following); a LinkedIn profile (Jessica Biel, Independent Entertainment Professional, Greater Denver Area, 15 connections, Industry: Entertainment, Groups: Media Professionals Worldwide); and a Facebook people search for "Jessica Biel" returning 271 results, several of them showing "1 mutual friend" with Add as Friend / Send a Message / View Profile buttons.






Thank You!

Prabhu Deva
Nathan Hamiel
Lava Roll FTW
Still easy to exploit trust!

More difficult to tell a bot from a real account
Accounts are easy to create
Socnet User Verification = FAIL
• Twitter "Verified" Accounts?
Connections based on other "friends"

New Privacy Concerns

New Facebook Privacy Settings

Your info is even more open!
Your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages are all public
"Suggested" settings are set to EVERYONE
Zuckerberg says users don't want privacy...








Blippy FTW

Screenshot (shown twice, with the ATM entries highlighted): Blippy's public purchase feed. my02ser spent $200 at ATM Withdrawal; mmmeghan spent $53 at ATM Withdrawal; another user spent $20 at ATM Withdrawal; SimonHova spent $40 at ATM Withdrawal; austinprime spent $4.99 at GoDaddy (Business Registration Renewal); austinprime spent $16.68 at GoDaddy (.COM Domain Name Registration - 1 Year and Private Registration Services for THEPRIMEKREW.COM); austinprime spent $16.18 at GoDaddy (the same items for LADYLALALAURA.COM); austinprime spent $16.68 at GoDaddy (the same items for MAGICMATTY0.COM); austinprime spent $0 at GoDaddy (Email Forwarding - 100 Pack - Renewal); austinprime spent $18.97 at GoDaddy (.COM Domain Name Renewal - 1 Year and Private Registration Services - Renewal for AUSTINPRIMEONLINE.COM). Each entry is tagged "frequent customer", "loyal customer" or "1st time customer", dated "shared recently", "shared 1 day ago", "purchased ... months ago" or "purchased about 1 year ago", with Comment and Like links.

"I Joined BLIPPY and all I got 
was Jacked at the ATM" 



- Chris Nickerson (@indi303) via Twitter 



What about the ultimate 
stalker tool? 



Geo-Location Tracking 



Screenshot: foursquare check-ins pushed to Twitter: "I'm at staples (1010 Russell St., Hamburg St., Baltimore). http://4sq.com/" (8 minutes ago from foursquare); "I just became the mayor of staples on @foursquare http://4sq.com/" (8 minutes ago from foursquare); "I'm at Starbucks - Towson University (31 York Rd, at Burke Ave, Towson). http://4sq.com/" (about 1 hour ago from foursquare); "I'm at Barnes & Noble (1 E. Joppa Rd. Ste 100, at York Rd., Towson). http://4sq.com/" (about 1 hour ago from foursquare).

Screenshot (shown three times, with the mayorship box highlighted): the foursquare venue page for staples, 1010 Russell St., Hamburg St., Baltimore, MD ("You're near New York, NY"), with a map, "WHO'S BEEN HERE", "TAGS" ("Use tags to let people know what they can expect to find here"), and "MAYORSHIP": the user "is currently the mayor of 5 places": 7-Eleven - Light St (Baltimore, MD), Blue Agave (Baltimore, MD), Dunkin Donuts - Bel Air (Bel Air, MD), staples (Baltimore, MD), The Avalon Yoga Studio (Catonsville, MD).

Foursquare + Facebook + Twitter + LinkedIn = PWNAGE



Why the **** would Socnets do this??

"The more info you share... the more valuable you are"



Real Time Search FTW

Screenshot: a Google search for "@agent0x0" with "Latest results for @agent0x0" at the top: "RT @hdmoore: Safe, Reliable, Hash Dumping (blog post, implementation): Metasploit. Safe. Reliable. Hash Dumping - metasploit.com" (agent0x0 - twitter.com - 16 hours ago); "RT @shmoocon: Last round of ticket sales starts tomorrow, quick - be ready!" (agent0x0 - twitter.com - 1 day ago); then the profile hit "Tom Eston (agent0x0) on Twitter - Security aficionado, penetration tester, security researcher - twitter.com/agent0x0". A "Hottest Topics on Twitter" box lists Avatar, Christmas, Google Nexus One, Happy New Year, Happy Palindrome Day, Justin Bieber, Kobe, Lakers.



How do pen testers and attackers use this?

Thank you Social Networks!

Wealth of recon information!

Socnet Search Engines
Maltego (Twitter and Facebook)
Google Hacks
  site:facebook.com inurl:group (bofa | "bank of america")
Manual Searching
Status Updates
Real Time Search

Infiltrate a company with this information!



New Security Concerns

Koobface Evolving

Still the #1 socnet worm
Targets all major socnets
Socnet chat vectors
Now with CAPTCHA
Adobe/IE 0day, Zeus Trojans FTL

*Screenshots via McAfee Labs/PandaLabs



Screenshots: a Koobface chat lure sent "Yesterday 11:13pm" ("LOL I CANT STOP LAUGHIN AT THIS VIDEO OF YA", followed by a link that is not legible), a spam post ("XMAS is almost Here! Get your Top Quality Replica Watches & Tiffany & CO! HttP://WWW%2Epacklast%2Ecom"), the worm's own CAPTCHA prompt shown to the infected user ("Enter both words below, separated by a space ... Time before shutdown: 02:38"), and a fake Zynga Poker page ("Click below to play!").


Months of Bugs!

July 2009 - Month of Twitter Bugs (Aviv Raff)
September 2009 - Month of Facebook Bugs (theharmonyguy)

Vulnerabilities affecting over 9,700 Facebook applications
Over half of vuln apps had passed the Facebook "Verified" Application program
Six of the hacked applications in the "Top 10" (Farmville and Causes!)
Most could be used with Clickjacking to install


Screenshot (shown three times, with the injected search term and the user ID highlighted): the NetworkedBlogs Facebook application (Home | Profile | Friends | Browse; "Tips and tricks to make the best of NetworkedBlogs"; "Check out the new Network Widget"; "Like NetworkedBlogs? You should fan us here -->"; "Show your blogs on your profile: Add to Profile"; Authors / Follows: 2 blog(s)). A search for an XSS probe string ("You searched for eviluri/%E2%80%99? Why am I here?", with the app's fb_sig_* parameters and the user ID 1507599520 visible in the page URL) dumps a raw database error onto the page:

mysql error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//' at line 12 - sql = SELECT * FROM ( SELECT Blogs.BlogId AS BlogId, Blogs.ShortName AS ShortName, Blogs.BlogName AS BlogName, Blogs.Tagline AS Tagline, Blogs.Description AS Description, Blogs.Url AS Url, Blogs.Tags AS Tags, Blogs.Language AS Language, Blogs.ReaderCount AS ReaderCount, Blogs.Rating AS Rating, Blogs.RatingCount AS RatingCount, (SELECT Rating FROM Readers WHERE UserId = 1507599520 AND BlogId = Blogs.BlogId) AS MyRating, (SELECT Relation FROM Readers WHERE UserId = 1507599520 AND BlogId = Blogs.BlogId) AS MyRelation, (IF(BlogName LIKE '%<search term>%', 18, 0) + IF(Tagline LIKE '%<search term>%', 10, 0) + IF(Url LIKE '%<search term>%', 24, 0) + IF(Tags LIKE '%<search term>%', [weight not legible], 0))*ReaderCount AS Relevancy, 1 AS Promoted FROM Blogs WHERE Blogs.Pro = 2 ) AS MyBlogs WHERE Relevancy > ORDER BY Relevancy DESC LIMIT 2

where <search term> is the submitted probe, \';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//-->">\'>, spliced into every LIKE pattern. The full query text, the table and column names, and a user's numeric Facebook ID are all handed to the browser by the error page.
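The error page above shows the classic shape of the bug: the search term is spliced straight into four LIKE patterns, so a stray quote breaks the query, and the failure then dumps the SQL (and a user ID) to the browser. As an added example that is not NetworkedBlogs' code, here is the same weighted-relevancy query on SQLite with the term bound as a parameter and its LIKE wildcards escaped, next to the concatenating version for comparison; the table layout, the weights, the sample rows and the probe string are assumptions.

```python
"""Weighted-relevancy search with the user's term bound as a parameter.

Added example (not NetworkedBlogs code). It reproduces the shape of the query
in the error page, four weighted LIKE matches multiplied by ReaderCount, on an
in-memory SQLite table with constructed rows, and shows the difference between
splicing the term into the SQL text and binding it with LIKE wildcards escaped.
Table layout, weights and rows are simplified assumptions.
"""
import sqlite3

SCHEMA = """
CREATE TABLE Blogs (
    BlogId      INTEGER PRIMARY KEY,
    BlogName    TEXT, Tagline TEXT, Url TEXT, Tags TEXT,
    ReaderCount INTEGER
);
"""
# Constructed sample rows.
ROWS = [
    (1, "Security Weekly", "news and research", "http://blog.example/sec", "security,news", 120),
    (2, "100% Kittens", "cats all day", "http://blog.example/cats", "pets", 50),
    (3, "Travel Log", "going places", "http://blog.example/trip", "travel,security", 10),
]
# A probe of the kind visible in the error page: a quote followed by a harmless alert().
XSS_PROBE = "';alert(String.fromCharCode(88,83,83))//"


def connect() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO Blogs VALUES (?,?,?,?,?,?)", ROWS)
    return con


def relevancy_sql(pattern_expr: str) -> str:
    """Build the relevancy query around a LIKE pattern expression (literal or parameter)."""
    return f"""
        SELECT BlogName FROM (
            SELECT BlogName,
                   ((CASE WHEN BlogName LIKE {pattern_expr} THEN 18 ELSE 0 END) +
                    (CASE WHEN Tagline  LIKE {pattern_expr} THEN 10 ELSE 0 END) +
                    (CASE WHEN Url      LIKE {pattern_expr} THEN 24 ELSE 0 END) +
                    (CASE WHEN Tags     LIKE {pattern_expr} THEN 14 ELSE 0 END))
                   * ReaderCount AS Relevancy
            FROM Blogs
        ) WHERE Relevancy > 0 ORDER BY Relevancy DESC"""


def search_unsafe(con: sqlite3.Connection, term: str) -> list:
    """The vulnerable shape: the term becomes part of the SQL text.

    A quote in the term ends the string literal and the rest is parsed as SQL:
    here that is a syntax error that leaks the query; in general it is injection."""
    return [r[0] for r in con.execute(relevancy_sql(f"'%{term}%'"))]


def escape_like(term: str) -> str:
    """Escape LIKE metacharacters so the term matches literally (escape char is backslash)."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_safe(con: sqlite3.Connection, term: str) -> list:
    """Fixed shape: the pattern is a bound parameter and wildcards in the term are escaped."""
    pattern = "%" + escape_like(term) + "%"
    return [r[0] for r in con.execute(relevancy_sql(":p ESCAPE '\\'"), {"p": pattern})]


def unsafe_breaks_on(con: sqlite3.Connection, term: str) -> bool:
    """True when the concatenated query fails to parse for this term."""
    try:
        search_unsafe(con, term)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    con = connect()
    print("safe, 'security':", search_safe(con, "security"))
    print("safe, '%':       ", search_safe(con, "%"))        # literal percent only
    print("unsafe, '%':     ", search_unsafe(con, "%"))      # wildcard matches every row
    print("unsafe breaks on probe:", unsafe_breaks_on(con, XSS_PROBE))
```

The bound version never fails on the probe, and a literal `%` in the term no longer matches every row. The error page is a second, separate defect: a query that fails to parse should be logged server-side and answered with a generic message, never echoed with the SQL text and IDs; this example only fixes how the query is built.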









More than 218 million Facebook users were vulnerable!

Facebook Application Autopwn Demo
http://www.youtube.com/watch?v=chvwtGPkAI'



Advanced Social Network Bots

More Evil Twitter Bots

Screenshot: a tweet "LRheman: listening to apple shampoo right now." (10 minutes ago).

Used recently to promote warez like pirated movies
Easy to code. Twitter API FTW

Screenshot: bot accounts riding the "apple shampoo" trend. The account TrevBusiness replies to the trend three times within 10 minutes, each time with a different pitch (make money filling out surveys, a reverse phone lookup, "great ideas to do on a daily") and a link into SmallBusinessSolved.com, while a real user (cpntlink) explains "for all those wondering about the twitter trend i do believe Apple Shampoo refers to a Blink 182 song." Below, the account xmw2 posts "Heyaaa!! I have just downloaded Avatar movie!!! -> http://bit.ly/82HK8U #Avatar" three times, each "2 days ago from API".
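The bot timelines shown in this deck (the robertComptonfm account repeating one tweet "from API" at 11:16 AM on three different days, and xmw2 posting the same Avatar link three times) share signals that a defender can score from the public timeline alone, which is the practical side of the earlier slide's point that a bot is "more difficult to tell from a real account". The following is an added example, not code from the talk or from any social network: a small timeline scorer over constructed posts that imitate those patterns. The Post class, the four signals, the thresholds and the sample data (including the placeholder link) are all assumptions.

```python
"""Score a public timeline for signs of automation, from the posts alone.

Added example (not code from the talk). The sample timelines below are
constructed to imitate the bot accounts in the slides: one tweet repeated
verbatim with the same link, always posted "from API" at the same clock time.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

URL_RE = re.compile(r"https?://\S+")


@dataclass
class Post:
    text: str
    posted_at: datetime  # assumed: wall-clock time of the post
    source: str          # assumed: client label shown by the platform ("API", "web", ...)


def normalize(text: str) -> str:
    """Lower-case, drop URLs and collapse whitespace so near-identical texts compare equal."""
    return re.sub(r"\s+", " ", URL_RE.sub("", text)).strip().lower()


def timeline_signals(posts: list) -> dict:
    """Per-account ratios in [0, 1]: the share of posts matching the most common value."""
    n = len(posts)
    if n == 0:
        return {"n": 0}
    texts = Counter(normalize(p.text) for p in posts)
    urls = Counter(u for p in posts for u in URL_RE.findall(p.text))
    minutes = Counter(p.posted_at.strftime("%H:%M") for p in posts)
    return {
        "n": n,
        "dup_text_ratio": round(texts.most_common(1)[0][1] / n, 2),
        "top_url_ratio": round(urls.most_common(1)[0][1] / n, 2) if urls else 0.0,
        "api_ratio": round(sum(p.source == "API" for p in posts) / n, 2),
        "same_minute_ratio": round(minutes.most_common(1)[0][1] / n, 2),
    }


def is_probable_bot(posts: list, min_posts: int = 3, min_hits: int = 3) -> bool:
    """Flag an account when at least min_hits of the four signals cross their thresholds.

    Thresholds are assumptions chosen for illustration; tune them on labelled data
    and treat the result as a review queue, not an automatic ban."""
    s = timeline_signals(posts)
    if s["n"] < min_posts:
        return False
    hits = sum([
        s["dup_text_ratio"] >= 0.6,     # same message over and over
        s["top_url_ratio"] >= 0.6,      # same link in most posts
        s["api_ratio"] >= 0.9,          # never posted from the web UI or a phone
        s["same_minute_ratio"] >= 0.6,  # scheduled: same clock time every day
    ])
    return hits >= min_hits


# Constructed sample data (placeholder link, not the one in the slides).
BOT_POSTS = [
    Post("Im 18y old ... would like to chat with me? http://short.example/abc123",
         datetime(2009, 11, 22, 11, 16), "API"),
    Post("Im 18y old ... would like to chat with me? http://short.example/abc123",
         datetime(2009, 11, 27, 11, 16), "API"),
    Post("Im 18y old ... would like to chat with me? http://short.example/abc123",
         datetime(2009, 11, 29, 11, 16), "API"),
    Post("http://short.example/abc123 come and chat with me tonight",
         datetime(2009, 11, 30, 11, 16), "API"),
]
HUMAN_POSTS = [
    Post("Got ready for work but bed still not made so there's still time to change my mind.",
         datetime(2009, 11, 29, 8, 2), "web"),
    Post("RT @shmoocon: last round of ticket sales starts tomorrow, be ready!",
         datetime(2009, 11, 29, 14, 31), "web"),
    Post("heading to the yoga studio, then dinner", datetime(2009, 11, 30, 18, 45), "API"),
]

if __name__ == "__main__":
    for name, posts in (("bot", BOT_POSTS), ("human", HUMAN_POSTS)):
        print(name, timeline_signals(posts), "-> probable bot:", is_probable_bot(posts))
```

The "from API" signal on its own is weak, since legitimate mobile clients also post through the API; it is the combination of identical text, one link and a fixed clock time that separates the scheduled spam account from a person, which is why the scorer requires several signals at once.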



Better Automated Tools

Tools are getting more reliable
CAPTCHA bypass built in, able to offload to outsourced solution
Automated tools are cheap! Why roll your own?
(or get it for free via Torrent!)




Screenshot: a commercial Facebook spamming tool with tabs "Affiliate", "About", "Settings", "Manage Account", "Gather ID", "Friend Request and Poker Messenger", "Wall Poster". The Gather ID tab lists harvested numeric Facebook user IDs ("IDs Gathered: 92") with options "Gather IDs from Current Page", "Gather IDs from All Pages", "Gather IDs from Google search", "Save On Exit", "Import List ID To Friend Request", "Delay navigation to next page after 5 Seconds", and a "Gather ID / STOP!" button; the embedded browser shows a ClickBank affiliate ad (CommissionBlueprint.com, "Extreme Clickbank Profits. No Experience Required.").

Screenshot: the same tool driving Facebook's "Add Clara as a friend?" dialog ("You are about to add Clara ... We will then notify Clara, who ..."; "Add a personal message") and running into the Security Check CAPTCHA ("Enter both words below ... Can't read the words below? Try an audio captcha."; "Sick of these? Verify your account ...").



What is it?

Command and control system running over social media
Written in Ruby as a proof of concept
Not optimized. Not stealthy.

Currently runs over
Twitter
JPEG
Tiny URL

And now...

Uses LinkedIn API to read and write the Status field



Screenshot (two captures): a LinkedIn profile for "Kris Kringle", Commander at Kreios Holdings (Greece, Information Technology and Services; Public Profile http://gr.linkedin.com/in/kreios; Basic Account), whose status field carries the C2 traffic: first "Kris Kringle :cmd ping 192.168.0.8" (seconds ago), then the bot's reply "Kris Kringle do stuff on 192.168.0.8" followed by a short hex token (seconds ago).

Also new...
Windows Support

Basic Ruby install with a few gems and off it goes

What's Next?

Other media types, possibly non HTML based.

Please give suggestions!

New KreiosC2 Demo
http://www.vimeo.com/9295657



Third Party APIs FTW

SocNetAPIs

Social network APIs provide a wealth of information
All the big ones offer them
• Some play catch up
We get to play with these APIs

(logos: Facebook Developer Platform, NING Developer)



Im'ma Let You Finish

New front end for Social Butterfly
KanyeWestify allows us to update your wall

KanyeWestify on Facebook

Screenshot: http://apps.facebook.com/kanyewestify/ - "KanyeWestify" (Home | Select Friends | Help): "This page will take your latest status message and KanyeWestify it! It will then post the results to your wall. Enjoy! Click below to Kanyewestify your status: [KanyeWestify Me!]"

Westify'ing someone

Select a friend
• Drop down helps
Their wall now has the update

Screenshot: the app's Select Friends page ("Enter a Friend's name to kanyeWestify them: [kanyeWestify]") and the result on Kevin D'Atrio Johnson's Facebook wall (status: "In San Francisco to teach Sec542 Web Penetration Testing"; Wall, Info, Photos, Boxes, Cities Visited, Notes): "Denise Baker: Yo Kevin, I'm really happy for you and Im'ma gonna let you finish but Beyonce had the best 'In San Francisco to teach Sec542 Web Penetration Testing' ever!" - a few seconds ago via KanyeWestify - Comment - Like - See Wall-to-Wall.

So what did we do?

Using the API, we grabbed the user's information
And their Friends' data
In this version we used the FQL queries from theHarmonyGuy
Full backup of your account
We also used JS to brute force browser history
We can map visited pages to users of Facebook!
• Marketing FTW!



Have the undead won?

We need more brains!

User education... yeah, it's hard
Better privacy controls
End opt-in developer models
Tighter control of APIs

Questions?

News, Research, Guides, Videos
SocialMediaSecurity.com

Download KreiosC2
digininja.org

Follow us... if you dare
@agent0x0, @digininja, @secureideas